Vulnerability Details: CVE-2012-0709
IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements.
Vulnerability category: Input validation
Products affected by CVE-2012-0709
- cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp1:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp2:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp3:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp2a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp3a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp3b:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp4a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp5:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:fp1:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp6:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:fp2:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp6a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:fp3a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:fp4:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp7:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:fp8:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:fp5:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:fp3:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.8:fp3:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.8:fp4:*:*:*:*:*:*
Threat overview for CVE-2012-0709
- Top open port discovered on systems with this issue: 523
- IPs affected by CVE-2012-0709: 39
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2012-0709
- EPSS score: 0.84% (probability of exploitation activity in the next 30 days)
- Percentile: ~80% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2012-0709
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
CWE ids for CVE-2012-0709
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0709
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC81390
  IBM IC81390: SECURITY: UNAUTHORIZED ACCESS TO TABLES
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC81836
  IBM IC81836: SECURITY: UNAUTHORIZED ACCESS TO TABLES
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15004
  Repository / Oval Repository
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73493
  IBM DB2 CREATE VARIABLE security bypass CVE-2012-0709 Vulnerability Report
- http://www-01.ibm.com/support/docview.wss?uid=swg21588100
  IBM Security Bulletin: Unauthorized Access to Table Vulnerability in DB2 (CVE-2012-0709) (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC81387
  IBM IC81387: SECURITY: UNAUTHORIZED ACCESS TO TABLES